Estimated Time: 10-12 hours
Dependencies: Phases 1-8 complete, GitHub repository configured
Enhance CI/CD pipeline with automated builds, tests, security scans, and deployments. Ensure code quality and security at every commit.
Description: Create comprehensive GitHub Actions workflows for CI/CD.
Implementation:
# .github/workflows/ci.yml
name: CI Pipeline
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install linters
        run: |
          pip install black ruff mypy
      - name: Run black
        run: black --check .
      - name: Run ruff
        run: ruff check .
      - name: Run mypy
        run: mypy scanner/ dashboard/
  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          pip install -r requirements.txt -r requirements-dev.txt
          pytest tests/ -v --cov --cov-report=xml
      - name: Upload coverage
        uses: codecov/codecov-action@v3
  security:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Snyk scan
        # @master is a mutable branch ref; pin to a commit SHA so the
        # action that receives SNYK_TOKEN cannot change underneath the pipeline.
        uses: snyk/actions/python@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Run Bandit
        run: |
          pip install bandit
          bandit -r scanner/ dashboard/ -f json -o bandit-report.json
  build:
    needs: [lint, test, security]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Build Docker images
        run: |
          docker build -t nmapping-scanner:${{ github.sha }} scanner/
          docker build -t nmapping-dashboard:${{ github.sha }} dashboard/
Acceptance Criteria:
Time Estimate: 3-4 hours
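The security job above writes bandit-report.json but no later step reads it. The following is an added example, not part of the original plan or the project's code: a gate script (hypothetical name bandit_gate.py) that parses Bandit's JSON report, applies severity and confidence thresholds, and also fails when Bandit could not parse a file. The sample report and its paths are constructed.

```python
"""Fail a CI job based on a Bandit JSON report (added example)."""
import json
import sys

# Unknown or missing ratings (Bandit can emit UNDEFINED) rank as HIGH: fail closed.
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

def evaluate_report(report, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return (blocking_findings, scan_errors) for a parsed Bandit report."""
    blocking = [
        r for r in report.get("results", [])
        if RANK.get(r.get("issue_severity"), 3) >= RANK[min_severity]
        and RANK.get(r.get("issue_confidence"), 3) >= RANK[min_confidence]
    ]
    # Files Bandit could not parse were never scanned; report them so a
    # syntax error cannot silently shrink coverage.
    return blocking, report.get("errors", [])

def gate(report, **thresholds):
    """Print blocking findings and return the exit code for the CI step."""
    blocking, errors = evaluate_report(report, **thresholds)
    for r in blocking:
        print(f"{r.get('filename')}:{r.get('line_number')} {r.get('test_id')} "
              f"[{r.get('issue_severity')}/{r.get('issue_confidence')}] "
              f"{r.get('issue_text')}")
    for e in errors:
        print(f"scan error: {e.get('filename')}: {e.get('reason')}")
    return 1 if blocking or errors else 0

# Constructed sample in Bandit's JSON layout; paths and findings are made up.
SAMPLE_REPORT = {
    "errors": [],
    "results": [
        {"filename": "scanner/run.py", "line_number": 42, "test_id": "B602",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified"},
        {"filename": "dashboard/app.py", "line_number": 7, "test_id": "B101",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Use of assert detected"},
    ],
}

if __name__ == "__main__":
    # Usage: python bandit_gate.py bandit-report.json (no argument: sample data)
    report = SAMPLE_REPORT
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    sys.exit(gate(report))
```

Bandit itself exits non-zero on any finding, so a step that wants this script to decide the job result would run Bandit with --exit-zero and then call the gate on the report.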
Description: Integrate code quality tools (black, ruff, mypy).
Configuration:
# pyproject.toml
[tool.black]
line-length = 100
target-version = ['py39']

[tool.ruff]
line-length = 100
select = ['E', 'F', 'I', 'N', 'W']

[tool.mypy]
python_version = "3.9"
strict = true
Acceptance Criteria:
Time Estimate: 2 hours
Description: Scan dependencies for vulnerabilities (Snyk, Dependabot).
Acceptance Criteria:
Time Estimate: 2 hours
Description: Automate Docker image builds and push to registry.
Implementation:
# .github/workflows/docker.yml
name: Docker Build
on:
  push:
    tags:
      - 'v*'
jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: |
            nmapping/scanner:${{ github.ref_name }}
            nmapping/scanner:latest
Acceptance Criteria:
Time Estimate: 2-3 hours
Description: Automate deployment to staging and production.
Acceptance Criteria:
Time Estimate: 3-4 hours
Description: Automate release creation with changelog generation.
Implementation:
# .github/workflows/release.yml
name: Create Release
on:
  push:
    tags:
      - 'v*'
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Generate changelog
        id: changelog
        uses: metcalfc/changelog-generator@v4
      - name: Create release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          body: ${{ steps.changelog.outputs.changelog }}
Acceptance Criteria:
Time Estimate: 2 hours
Description: Configure branch protection for main/develop branches.
Rules:
Acceptance Criteria:
Time Estimate: 1 hour
Description: Document CI/CD workflows and deployment processes.
Documentation:
docs/cicd/workflows.md: Workflow descriptions
docs/cicd/deployment.md: Deployment procedures
docs/cicd/troubleshooting.md: Common issues
Acceptance Criteria:
Time Estimate: 2 hours
Phase Acceptance Criteria:
Owner: DevOps Team
Review Date: 2026-01-20